Click here to Skip to main content
Rate this: bad
good
Please Sign up or sign in to vote.
See more: C#2.0 ASP.NET
sorry for writing in caps
i didnot know that caps writen questios are considered as shouting
Posted 13-May-11 0:36am
nilu16524
Edited 13-May-11 7:01am
v2
Comments
SAKryukov at 13-May-11 5:44am
   
Please eliminate all-caps -- this is considered shouting, not polite.
Do you have any question? If so, you can ask it.
--SA
Smithers-Jones at 13-May-11 5:48am
   
Shouting and no question, therefore downvoted.
SAKryukov at 13-May-11 6:15am
   
In fact you're absolutely right, it deserves exactly 1.
I up-voted only to support the ironic style of my answer...
Cheers,
--SA
Wonde Tadesse at 14-May-11 16:35pm
   
The title and the content of the question don't match. What is this ?
Rate this: bad
good
Please Sign up or sign in to vote.

Solution 5

First: don't shout.
 
Second: ASP.net generally provides automatic user/role management (that is, you do not have to think about secure storage of user data yourself, just use the Membership stuff and LoginPanel etc). Is there a reason you are not using that?
 
Third: If you do have to do it manually, the standard is to store a hash of the password, not an encrypted version of it, so it is non-recoverable. This means if someone hacks your whole system (or some disaffected person at the company wants to mess with it), they don't get everyone's password, even if they know the encryption algorithm and key. When checking if a login is correct, you hash the password1 in the same way as you did in the database, and check if they match. A decent hash which is available on all web servers is SHA-1.
 
(1: Actually, because of 'rainbow tables' – essentially, saved brute force attacks – you should save a hash of the 'salted' password, i.e. adding some text around it. For example, savedPass = SHA-1("hereissomesalttext"+username+password). Putting the user name in there as well means that two users with the same password won't be obvious in the database.)
  Permalink  
Comments
yadagirirao aileni at 24-Nov-11 5:05am
   
how to encrypt password before i send it to database,
and how to decrypt before i show to user(forgot password)
...please provide me the code..by yadagiri
BobJanova at 24-Nov-11 12:12pm
   
Don't store the password in a reversible form. Store a hash, and offer 'reset my password' not 'tell me what it was'. (After all, if they forgot it, a new random one is just as good to them.)
 
If your manager tries to tell you it's a requirement, beat him about the head with a security best practice textbook until he stops.
Rate this: bad
good
Please Sign up or sign in to vote.

Solution 6

string pass = EncodePassword(txtPassword.Text);
 
public string EncodePassword(string pass)
   {
       //Declarations
       Byte[] originalBytes;
       Byte[] encodedBytes;
       MD5 md5;
       //Instantiate MD5CryptoServiceProvider, get bytes for original password and compute hash (encoded password)
       md5 = new MD5CryptoServiceProvider();
       originalBytes = ASCIIEncoding.Default.GetBytes(pass);
       encodedBytes = md5.ComputeHash(originalBytes);
       //Convert encoded bytes back to a 'readable' string
       return BitConverter.ToString(encodedBytes);
   }
  Permalink  
Comments
rahultandon1000 at 13-May-11 5:56am
   
my 5 for code
Rick Shaub at 13-May-11 10:23am
   
This is a one-way hash. You can't decrypt it. However, if you added a salt, this would be the prefereable way to store passwords.
BobJanova at 13-May-11 10:55am
   
You shouldn't use MD5 any more for new apps, it is a bit weak these days.
Rate this: bad
good
Please Sign up or sign in to vote.

Solution 7

Look at this Tip/Trick
 
Password Storage: How to do it.[^]
  Permalink  
Rate this: bad
good
Please Sign up or sign in to vote.

Solution 8

Use HashPasswordForStoringInConfigFile() static method of FormsAuthentication class which is under the System.Web.Security namespace to Encrypt your password string into 32 char encrypted string... you can use MD5 algorithm as well as SSH1 algorithm to encrypt it...
 
System.Web.Security.FormsAuthentication.HashPasswordForStoringInConfigFile(LoginUser.Password, "MD5");

only one disadvantage is that there isn't any other method to decrypt your encrypted string...
For that you have to use other method or you can use any web service from the net that help you to encypt or decrypt your string... There are many web service are there......
 
Or you can develop your own algorithm to encrypt or decrypt string.. yes It has less security than the other algorithm, but you can do like following....
 

private string encrypt(string str)
{
        string _result = string.Empty;
        char[] temp = str.ToCharArray();
        foreach (var _singleChar in temp)
        {
                var i = (int)_singleChar;
                i = i - 2;
                _result += (char)i;
        }
        return _result;
}
private string decrypt(string str)
{
        string _result = string.Empty;
        char[] temp = str.ToCharArray();
        foreach (var _singleChar in temp)
        {
                var i = (int)_singleChar;
                i = i + 2;
                _result += (char)i;
        }
        return _result;
}
  Permalink  
v2
Comments
parkavikarthi at 22-Sep-13 1:06am
   
Great Code!!!! Worked perfectly for encrypting text in textbox and again decrypting
Rate this: bad
good
Please Sign up or sign in to vote.

Solution 1

Great! My 5 for the question! This is absolutely right thing to do. Now do it — you got my approval.
 
[EDIT]
This answer referrs to original formulation of the question where OP informed on what she/he wanted to do, quite reasonably.
 
Good luck,
—SA
  Permalink  
v2
Comments
Marc A. Brown at 13-May-11 10:25am
   
LOL. It's so hard to resist posting this style of answer when we get that style of (non-)question. You get my 5.
SAKryukov at 13-May-11 12:42pm
   
Thank you Marc. I knew you would understand my feeling to have a little fun.
Maybe this is just a chance to get a little compensation for more and more really frustrating questions coming. :-)
--SA
Rate this: bad
good
Please Sign up or sign in to vote.

Solution 3

  Permalink  
Rate this: bad
good
Please Sign up or sign in to vote.

Solution 2

Have you Google on it ? If no then try it you will get your answer.There are several Algo is Available like MD5,SH1,RSA,etc....
 
well try this out,
 
[link 1]
 
[Link 2]
  Permalink  
Rate this: bad
good
Please Sign up or sign in to vote.

Solution 4

use hashing algorithms to encrypt your password ... they encrypt data only in one side..once encrypted it cannot be decrypted
  Permalink  
Rate this: bad
good
Please Sign up or sign in to vote.

Solution 9

To securely store a password so that it can be read back, use the
 
System.Security.Cryptography.ProtectedData class
 
public static string ProtectPassword(string password)
{
    byte[] bytes = Encoding.Unicode.GetBytes(password);
    byte[] protectedPassword = ProtectedData.Protect(bytes, null, DataProtectionScope.CurrentUser);
    return Convert.ToBase64String(protectedPassword);
}
 
public static string UnprotectPassword(string protectedPassword)
{
    byte[] bytes = Convert.FromBase64String(protectedPassword);
    byte[] password = ProtectedData.Unprotect(bytes, null, DataProtectionScope.CurrentUser);
    return Encoding.Unicode.GetString(password);
}
  Permalink  
Rate this: bad
good
Please Sign up or sign in to vote.

Solution 10

String strConfigurationKey = System.Web.Security.FormsAuthentication.HashPasswordForStoringInConfigFile(txtKey.Text, "SHA1");
  Permalink  

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
0 OriginalGriff 359
1 Maciej Los 290
2 Sergey Alexandrovich Kryukov 230
3 Shweta N Mishra 185
4 PIEBALDconsult 149
0 OriginalGriff 7,760
1 Sergey Alexandrovich Kryukov 7,072
2 DamithSL 5,604
3 Manas Bhardwaj 4,986
4 Maciej Los 4,785


Advertise | Privacy | Mobile
Web01 | 2.8.1411023.1 | Last Updated 20 Aug 2014
Copyright © CodeProject, 1999-2014
All Rights Reserved. Terms of Service
Layout: fixed | fluid

CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100